Description: A vulnerability exists in the McAfee ePolicy Orchestrator (ePO) and Protection Pilot products. The flaw is caused by insufficient bounds checking of user-supplied input within the SiteManager ActiveX Control component. A remote attacker may exploit this vulnerability via a specially crafted web page to cause a stack-based buffer overflow on the target host and execute arbitrary code in the context of the currently logged-in user.

In an attack where code injection is not successful, Internet Explorer (or the application processing the malicious HTML file) will terminate abnormally. In a more sophisticated attack, where code injection is successful, the behaviour of the target depends entirely on the intended function of the injected code, which executes within the security context of the current user.